Stars
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Impacket is a collection of Python classes for working with network protocols.
The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA…
Prowler is the Open Cloud Security for AWS, Azure, GCP, Kubernetes, M365 and more. As agent-less, it helps for continuous monitoring, security assessments & audits, incident response, compliance, h…
Fast subdomains enumeration tool for penetration testers
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux
🐍 A toolkit for testing, tweaking and cracking JSON Web Tokens
EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.
Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
Unicorn is a simple tool for using a PowerShell downgrade attack and inject shellcode straight into memory. Based on Matthew Graeber's powershell attacks and the powershell bypass technique present…
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
File upload vulnerability scanner and exploitation tool.
Tool for Active Directory Certificate Services enumeration and abuse
Extract credentials from lsass remotely
The SpecterOps project management and reporting engine
Standalone Executable to Check for Simple Privilege Escalation Vectors on Windows Systems
A pure-python fully automated and unattended fuzzing framework.